Re: Life of Crime

[InfoSec News <isn () C4I ORG>]

Forwarded by: "Talleur, Thomas" <ttalleur () kpmg com>
cc: Russell Coker <russell () coker com au>

[Mr. Talleur included a 261KB .PDF that I didn't want to forward to
everyone, I will take a peek at it on Friday and likely post it
somewhere on c4i.org with Mr. Talleur's permission. Any additional
comments on this should be taken to private mail.  - WK]

Russell:

My brief response to your Email is not intended to be a comprehensive
answer for a variety of reasons ...

Don't be too harsh on FAST ... they only had space for a snippet piece
about the future in this respect, and, I didn't share with them my
complete thinking about the future because I've had to copyright a lot
of invented terms, technology stuff, and theses for a book that I keep
saying I'm going to write.  So in part, they didn't hear it all from
me, and in part, they're getting part of the conclusions from a thesis
that you couldn't see laid out to justify it.  Also, I didn't write it
... they interpreted what I said ... and wrote it.

All I will say is this:  cyber crime (today) is organized crime ...
not just traditional OC groups ... but new, loosely confederated but
organized cyber groups. This stems from my day to day experience at
NASA.  This type of insight is not always part of the experiential set
of others in law enforcement and security positions for a variety of
reasons.  For this reason, some people will not understand this type
of statement.

Also, I followed the invention of advanced technologies at NASA to
understand their impact and their fabrication process. The creation of
new technologies to achieve NASA's mission raises the issue of how
they will be exploited when implemented in new spacecraft and
technologies.  It was my job to understand this and to creat
counterexploitations so that when new technologies were introduced, we
would have an effective law enforcement mechanism in place to deal
with them and to share with the agency's management for security
purposes.  If one understands how adaptive crime occurs today, it's
not a far stretch to understand how the next level involves predatory,
morphological aspects.

As far as nanotechnology goes, NASA is experimenting with this right
now to address cancer with the National Institute of Health using
nanotechnology. It's not a far stretch to see how these types of
entities could be created for malign purposes ... I already saw
pre-cursors to them at NASA.

The reason people will acquiesce to having chips implanted their
bodies is for the same reasons that people accept pacemakers today:
improve health, performance, and enhance the living experience, and to
compete with others. Instead of taking Ritalin or Prozac tomorrow to
deal with ADHD or Manic Depression, these chips will be used to
regulate the brain to help people with these afflictions.  And to keep
up in school, parents will face the delightful and awful choice of
allowing the implantation of these into their kids bodies so that
their massive neural parallel processors (brains) are accompanied by
strong serial co-processors (our weakness) before their shelf life
ends (of this technology) according to Moores law by about 2020.

<"Cybercrime won't stifle the expansion of e-commerce -- it will ...

Wrong.  There are many occasions when I have considered buying items
online but decided not to because I couldn't trust the integrity and
ability of the

people who run the web site.<

I'm afraid I disagree ... we see it now.  The Internet is filled with
business and other operations that are put on there to facilitate
interelationships ... even when the parties doing so know that there
are risks.  This trend will continue no matter what ... .  I agree
with you about the nature of man ... but actions speak louder than
words.  Man has a history of embracing and using technology long
before he understands the risks and the trends of exposure abound
around us.

Thanks for the recommendations about others books, but, I don't read
them so as to not taint my real life experiences in dealing with this
stuff with others intellectual property.  I think if you can remove
yourself from experience sets / perceptions that might find inhibiting
it will be easier to understand all of this.  Again ... my theses are
based upon my real life experiences in dealing with adaptive
technological crime in an advanced technology public agency.  My
perceptions about the future are not speculations, but syntheses of my
knowledge about new and coming technologies and how the exploitation
of them in the future could have a dark side.

Thanks for sharing your thoughts and I'm glad the article provoked
critical thought on your part and caused you to craft your comments.

Best wishes, tt

PS ... here's some more down to earth stuff to read ...

http://www.cio.com/archive/030101/autopsy.html

http://www.advisor.com/Articles.nsf/aid/LEEDH148

http://washingtonpost.com/wp-srv/liveonline/00/business/walker/walker0803.ht
m

http://www.msnbc.com/news/457161.asp#BODY




-----Original Message-----
From: Russell Coker [mailto:russell () coker com au]
Sent: Wednesday, March 21, 2001 11:31 AM
To: William Knowles
Cc: ttalleur () kpmg com
Subject: Re: [ISN] Life of Crime


> Scenario
>
> "Technology is feverishly re-creating our physical reality. As we
> begin to coprocess the virtual world and the physical world,

What is that supposed to mean?  The only reference to "coprocess" I know of
is in regard to 80387 type devices, but I don't think that's what the author

means.

> integrating technology into every support device of our lives, we're
> learning to tolerate a greater threshold of cyberattacks. Tomorrow, we
> will put up with e-crimes the way we tolerate allergies today. The

Only if "port scanning" is considered an e-crime.

> E-crimes will exploit us in very personal ways as cyberchips are
> embedded into our bodies. We will learn to accept the side effects of
> such invasions, much like the way we deal with the effects of drugs
> and vaccinations."

This is presuming of course that there is a significant number of people who

are stupid enough to have computers running software from the usual vendors
of insecure software installed in their bodies.
There is an endless supply of stupid people, but are there enough people who

are that stupid?

> "Our society will be running around like a dog chasing its tail as our
> physical reality becomes crafted at the subatomic level by
> self-replicating nanobots. E-crimes will become adaptive, predatory,
> and morphological, driven by entities that exist solely to destroy

So is an "e-crime" a misbehaved nano-bot then?  If so then I suggest reading

Bill Joy's writing on the topic as published in Wired magazine (it's on
http://www.wired.com/ ).

Also what is this about "sub-atomic level"?  Are the naughty nano-bots
supposed to be engaged in nuclear fission, nuclear fusion, or transmutation
(as sought after by alchemists)?

> entire communication networks. Cyber-illnesses will become so
> pervasive that entire service brownouts will delay global
> communication and B2B commerce, which in turn will create tremendous
> opportunities for further abuses in the marketplace."
>
> Futurology Decoder Key
>
> "Cybercrime won't stifle the expansion of e-commerce -- it will

Wrong.  There are many occasions when I have considered buying items online
but decided not to because I couldn't trust the integrity and ability of the

people who run the web site.  I would probably spend at least $5000 a year
purchasing items over the Internet if people were capable of running their
servers securely.  For purchase orders which I am involved in preparing
there
would probably be at least $100,000 of business to business sales per year
if
it was possible to trust the vendors.
Some of the companies that I buy from have chosen not to sell over the
Internet for the following reasons:
1)  Customers wouldn't believe that their site was secure and consequently
they wouldn't get the sales.
2)  They have seen other companies suffer significant PR hits when their
site
gets hacked.  It's better not to do online sales than have to do an
expensive
clean-up.
3)  They don't believe that they are capable of securely running a site,
given the record of certain software products we all use most companies
could
use this reason if they were honest!

E-commerce would involve at least 10 times as many transactions if people
believed it was secure.  It is being very stifled by the lack of security -
which is a good thing!

> accompany it. As technology becomes more sophisticated, entire markets
> will be created for cyberwarfare entities and then for counter
> entities. And the focus will be on defending the individual. Clinical
> psychologists of cyberspace will help people cope with the new reality
> of integrated virtual and physical worlds, where we'll experience
> unprecedented exploitations. Widespread identity thefts will follow.
> We'll see cases of permanent identity loss by 2015."

I recommend reading some of Neal Stephenson's books.  Neal has some very
interesting ideas regarding nano-warfare, cryptology, and related issues.
He
has obviously spent considerable amounts of time with people who are work
with related technologies.

--
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page


*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".